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BGP Administrative Shutdown Communication 
Abstract 
This document enhances the BGP Cease NOTIFICATION message 
"Administrative Shutdown" and "Administrative Reset" subcodes for 
operators to transmit a short freeform message to describe why a BGP 
session was shutdown or reset. This document updates RFC 4486. 
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1. Introduction 


It can be troublesome for an operator to correlate a BGP-4 [RFC4271] 
session teardown in the network with a notice that was transmitted 
via offline methods such as email or telephone calls. This document 
updates [RFC4486] by specifying a mechanism to transmit a short 
freeform UTF-8 [RFC3629] message as part of a Cease NOTIFICATION 
message [RFC4271] to inform the peer why the BGP session is being 
shutdown or reset. 


1.1. Requirements Language 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", “SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 
"OPTIONAL" in this document are to be interpreted as described in 
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 
capitals, as shown here. 


2. Shutdown Communication 


If a BGP speaker decides to terminate its session with a BGP 
neighbor, and it sends a NOTIFICATION message with the Error Code 
"Cease" and Error Subcode "Administrative Shutdown" or 
"Administrative Reset" [RFC4486], it MAY include an UTF-8 encoded 
string. The contents of the string are at the operator’s discretion. 
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The Cease NOTIFICATION message with a Shutdown Communication is 
encoded as below: 


0 1 2 3 

0 1 234.956" 28 90) i203 A 3 6 T 8 OD ON 23 AD 6 48. OO: T 
aan nT a Sn Si Sie Se Si SS in H 
Error Code 6 | Subcode | Length | 
=+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +++ 


Shutdown Communication 


kA Nn aAA pe 
ASSA NSA 


-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
Figure 1 


Subcode: the Error Subcode value MUST be one of the following 
values: 2 ("Administrative Shutdown") or 4 ("Administrative 
Reset"). 


Length: this 8-bit field represents the length of the Shutdown 
Communication field in octets. The length value MUST range from 0 
to 128 inclusive. When the length value is zero, no Shutdown 
Communication field follows. 


Shutdown Communication: to support international characters, the 
Shutdown Communication field MUST be encoded using UTF-8. A 
receiving BGP speaker MUST NOT interpret invalid UTF-8 sequences. 
Note that when the Shutdown Communication contains multibyte 
characters, the number of characters will be less than the length 
value. This field is not NUL terminated. 


Mechanisms concerning the reporting of information contained in the 
Shutdown Communication are implementation specific but SHOULD include 
methods such as Syslog [RFC5424]. 


3. Operational Considerations 


Operators are encouraged to use the Shutdown Communication to inform 
their peers of the reason for the shutdown of the BGP session and 
include out-of-band reference materials. An example of a useful 
Shutdown Communication would be: 


"[TICKET-1-1438367390] software upgrade; back in 2 hours" 
"[TICKET-1-1438367390]" is a ticket reference with significance to 


both the sender and receiver, followed by a brief human-readable 
message regarding the reason for the BGP session shutdown followed by 
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an indication about the length of the maintenance. The receiver can 
now use the string ’TICKET-1-1438367390’ to search in their email 
archive to find more details. 


4. Error Handling 


If a Shutdown Communication with an invalid Length value, or an 
invalid UTF-8 sequence is received, a message indicating this event 
SHOULD be logged for the attention of the operator. An erroneous or 
malformed Shutdown Communication itself MAY be logged in a hexdump 
format. 


5. IANA Considerations 
IANA references this document (in addition to [RFC4486]) for subcodes 
"Administrative Shutdown" (2) and "Administrative Reset" (4) in the 
"Cease NOTIFICATION message subcodes" registry under the "Border 
Gateway Protocol (BGP) Parameters" group. 


6. Security Considerations 


This document uses UTF-8 encoding for the Shutdown Communication. 


There are a number of security issues with Unicode. Implementers and 
operators are advised to review Unicode Technical Report #36 [UTR36] 
to learn about these issues. UTF-8 "Shortest Form" encoding is 


REQUIRED to guard against the technical issues outlined in [UTR36]. 


As BGP Shutdown Communications are likely to appear in syslog output, 
there is a risk that carefully constructed Shutdown Communication 
might be formatted by receiving systems in a way to make them appear 


as additional syslog messages. To limit the ability to mount such an 
attack, the BGP Shutdown Communication is limited to 128 octets in 
length. 


Users of this mechanism should be aware that unless a transport that 
provides integrity is used for the BGP session in question, a 
Shutdown Communication message could be forged. Unless a transport 
that provides confidentiality is used, a Shutdown Communication 
message could be snooped by an attacker. These issues are common to 
any BGP message but may be of greater interest in the context of this 
proposal since the information carried in the message is generally 
expected to be used for human-to-human communication. Refer to the 
related considerations in [RFC4271] and [RFC4272]. 


Users of this mechanism should consider applying data minimization 
practices as outlined in Section 6.1 of [RFC6973] because a received 
Shutdown Communication may be used at the receiver’s discretion. 
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